7-Eleven Japan shut down a mobile payments app after only two days because hackers exploited a simple security flaw and customers lost over $500,000

7-Eleven

  • On July 1, 7-Eleven Japan launched a mobile payment app, called 7pay, that had the security flaw of allowing anyone to reset any other user's password, ZDNet reported
  • Bad actors accessed 900 customers' accounts and made off with the equivalent of about $510,000, the company says. 
  • 7-Eleven Japan has shut down the app and promised to compensate users for the money they lost.
  • Read more on the Business Insider homepage.

On July 1st, 7-Eleven Japan launched 7pay, a new mobile app that allows customers to make purchases at its convenience stores, which are widely popular in Asia. But two days later, 7pay was shut down, after the company advised customers that third parties had accessed some accounts.

All told, the company said in a press release, over 900 customers had their accounts accessed, and they lost a collective total of ¥55 million, the equivalent of about $510,000. It promises compensation for affected users.

7pay was 7-Eleven's mobile wallet system, allowing users to make in-store payments by scanning a barcode at the cash register tied to a credit or debit card, similarly to systems like Walmart Pay. 

The way it went down, reports ZDNet and Yahoo Japan, is that some bad actors had exploited a simple security flaw with the password system — specifically, that anybody could reset any 7pay user's password.

The issue, per those reports, was that 7pay only required the user's email address, phone number, and date of birth to reset a password. Once all of that information is entered, however, it will apparently send a link to reset the password to any e-mail address you choose, even if it's not your own. 

In other words, unauthorized parties could allegedly the reset link to their own accounts, create their own passwords, and access that account, without any sophisitcated hacking technique. From there, those hackers could have theoretically walked into any 7-Eleven store that accepts 7pay and made purchases with somebody else's account.

Read more: NASA Jet Propulsion Laboratory network was hacked by targeting a Raspberry Pi that wasn't supposed to be connected to it

After the app launched, 7pay users tweeted about being locked out of their accounts.

A spokesperson for 7-Eleven did not immediately respond to a request for comment. 

SEE ALSO: Amazon is reportedly making over $100 million from one of its open source businesses — but the CEO behind the original software says Amazon isn’t slowing down its business

Join the conversation about this story »

NOW WATCH: Mount Everest is not the hardest mountain to climb — here's what makes K2 so much worse



Contributer : Tech Insider https://ift.tt/2Yx2itG
7-Eleven Japan shut down a mobile payments app after only two days because hackers exploited a simple security flaw and customers lost over $500,000 7-Eleven Japan shut down a mobile payments app after only two days because hackers exploited a simple security flaw and customers lost over $500,000 Reviewed by mimisabreena on Saturday, July 06, 2019 Rating: 5

No comments:

Sponsor

Powered by Blogger.